Securing down RHEL

Hello, I am looking for opinions on securing my RHEL Linux box. I know a very good amount of hacking/security techniques from my hacking days, but I always want to get others' opinions. We all have something to learn from each other. Also, I am trying to run aide -i, which runs, but nothing seems to be happening. Any ideas?

-absal0m

*edit* aide was just taking a while to load. Though aide now gives me this error: File database must have one db_spec specification

Not to be pedantic about it but there's no opportunity to "learn from each other" until you actually share something anyone here can learn from.

Originally Posted by absal0m

(..) aide now gives me this error: File database must have one db_spec specification

Start with 'aide -c aide.conf -D;' and 'man aide.conf'. If you really don't get it post output of 'grep database_ aide.conf'.

Originally Posted by absal0m

Hello, I am looking in opinions on securing my RHEL linux box.

I'm very much for sharing info efficiently. What's missing IMO is details about this machine's location and role and a list of basic security measures you already implemented. (Also note that saying things like "machine under attack" is not useful w/o details.) Regardless of that, be aware Red Hat has provided extensive admin documentation for ages which may serve as an initial checklist. On top of that several organizations provide guidelines (NSA, NIST, SANS), benchmarks (Cisecurity, OVAL) and tools (Red Hat, 3rd party repos like EPEL) for free to help you assess this machine's security posture. I suggest you start by posting the requested details; that way it's easier to fill in the gaps.
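One way to do the check the reply above points at (grep database_ aide.conf), written up here as an added example and not anything posted in the thread: a small POSIX sh script that lists the db_spec lines in an aide.conf and flags a missing or duplicated input/output database, which is what the "File database must have one db_spec specification" error is about. The key names database/database_in and database_out follow aide.conf(5); both config files below are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: check an aide.conf for the db_spec
# lines that the "File database must have one db_spec specification"
# error refers to. Key names "database" / "database_in" (input) and
# "database_out" are as documented in aide.conf(5); the configs below are
# constructed for the demo.

# Print the db_spec lines AIDE would see, ignoring comments and whitespace.
aide_db_specs() {
    grep -E '^[[:space:]]*(database|database_in|database_out)[[:space:]]*=' "$1" \
        | sed -E 's/^[[:space:]]*//; s/[[:space:]]*=[[:space:]]*/=/'
}

# Return 0 when exactly one input and one output database are declared;
# otherwise report what is missing or duplicated and return 1.
check_aide_conf() {
    conf="$1"
    in_count=$(aide_db_specs "$conf" | grep -cE '^database(_in)?=' || true)
    out_count=$(aide_db_specs "$conf" | grep -c '^database_out=' || true)
    status=0
    if [ "$in_count" -ne 1 ]; then
        echo "$conf: expected one database/database_in spec, found $in_count"
        status=1
    fi
    if [ "$out_count" -ne 1 ]; then
        echo "$conf: expected one database_out spec, found $out_count"
        status=1
    fi
    return $status
}

# Constructed configs: one lacking the input database, one complete.
BROKEN_CONF=$(mktemp) && GOOD_CONF=$(mktemp)
trap 'rm -f "$BROKEN_CONF" "$GOOD_CONF"' EXIT
cat >"$BROKEN_CONF" <<'EOF'
# constructed aide.conf: database_out set, input database missing
database_out=file:/var/lib/aide/aide.db.new.gz
/etc p+i+n+u+g+s+m+c+sha256
EOF
cat >"$GOOD_CONF" <<'EOF'
# constructed aide.conf: both specs present
database=file:/var/lib/aide/aide.db.gz
database_out=file:/var/lib/aide/aide.db.new.gz
/etc p+i+n+u+g+s+m+c+sha256
EOF

for f in "$BROKEN_CONF" "$GOOD_CONF"; do
    check_aide_conf "$f" && echo "$f: db_spec lines OK"
done
```

Point the functions at your real aide.conf (the path given with aide -c) to see which spec the parser is not finding.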

Quite blunt, but true no less. I will gather my information and hopefully post it later today.

But again, your first statement. I found that quite rude, and if you have to say "not to be pedantic" you are being pedantic.